The National Security Agency (NSA) was well aware of the Heartbleed flaw and has been regularly exploiting it to gather critical intelligence for at least two years, anonymous sources familiar with the matter have told Bloomberg.
By using Heartbleed, the NSA “was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost,” Bloomberg reports, citing two unidentified sources.
The spy agency has officially denied the allegations, stating that it was not aware of the bug until it was made public on Monday.
“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong,” read the statement.
The White House also refuted the report in a strong and immediate statement: “The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services.”
“If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”
Earlier this week, security researchers publicly revealed the ‘Heartbleed’ bug, the most significant vulnerability to ever hit the internet, which has made headlines since then. Right after the revelation, reports circulated claiming that the NSA had caused the Heartbleed bug as part of the Prism online surveillance programme.
Despite the speculation, the man behind the coding error, Robin Seggelmann, revealed his responsibility, stating that Heartbleed was a simple programming error in a security-relevant area, one that was trivial but whose effect was clearly severe.